Vulnerability Description
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mike Helton | Aoblogger | 2.3 |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html
- http://evuln.com/vulns/37/summary.html (Exploit, Vendor Advisory)
- http://mikeheltonisawesome.com/viewcomments.php?idd=46 (URL Repurposed)
- http://secunia.com/advisories/16889 (Vendor Advisory)
- http://www.securityfocus.com/bid/16286 (Exploit)
- http://www.vupen.com/english/advisories/2006/0240
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24143
FAQ
What is CVE-2006-0312?
CVE-2006-0312 is a vulnerability with a CVSS score of 5.0 (MEDIUM). create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
How severe is CVE-2006-0312?
CVE-2006-0312 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0312?
Check the references section above for vendor advisories and patch information. Affected products include: Mike Helton Aoblogger.